The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for role engineering scoping and management.
In the area of security role management, role modeling is used to create an efficient and manageable set of security roles that meet the business goals of protecting resources while granting access to the correct people associated with the business organization. With large scale organizations, the number of people in the organization, e.g., thousands or 100s of thousands, the number of permissions guarding the resources, e.g., thousands or even millions, and the number of mappings between users and permissions, e.g., thousands or even 10s of millions, needed to run the organization is beyond a management scope of the system administrators designing the security roles.
Many security role engineering projects fail because of the many months or years it takes to deal with the large data sets representing the number of people, resources, and permissions of an organization. This becomes even more time consuming when having to collaborate across multiple organizations. By the time the security roles are developed, much of the data regarding the people, resources, and permissions may have changed such that the security roles developed are stale and no longer completely relevant to the business goals of the organization.